CN110535842B - Mimic security system and method based on sampling detection - Google Patents

Info

Publication number
CN110535842B
Authority
CN
China
Prior art keywords
equivalent
data
redundancy controller
judgment result
arbitration
Prior art date
Legal status
Active
Application number
CN201910768634.4A
Other languages
Chinese (zh)
Other versions
CN110535842A (en)
Inventor
吴少勇
王延松
李顺斌
Current Assignee
Zhejiang Lab
Original Assignee
Zhejiang Lab
Application filed by Zhejiang Lab
Priority to CN201910768634.4A
Publication of CN110535842A
Application granted
Publication of CN110535842B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a mimic security system and method based on sampling detection. The system comprises an input agent, a redundancy controller, at least two heterogeneous functional equivalents and an output agent. The redundancy controller compares the parameters of the judgment results of the heterogeneous functional equivalents and notifies the output agent of the arbitration result. Each heterogeneous functional equivalent selects and synchronizes sampled data, performs feature judgment on the sampled data and sends its judgment result to the redundancy controller. Because the mimic arbitration parameter of the heterogeneous functional equivalents is sampled data generated from the stored data, the storage space and computing resources required for the arbitration parameter are greatly reduced while its timeliness and accuracy are preserved. This improves mimic arbitration efficiency in network edge computing scenarios such as large-scale data computation and increases the availability of the mimic security system.

Description

Mimic security system and method based on sampling detection
Technical Field
The invention relates to the field of network communication, and in particular to a mimic security system and method based on sampling detection.
Background
While cyberspace is developing rapidly, it faces a severe security situation. A large number of malicious attacks target it, and because network systems are complex, vulnerabilities are inevitable. The risk therefore comes not only from external threats but is interwoven with internal vulnerabilities, which makes it both severe and complex. Under this new security situation, traditional defenses based on prior knowledge struggle to cope with the variety of attacks. The defensive approach needs to change: new defense boundaries must be defined, defense in depth consolidated, and defense moved from passive to active, endogenous security.
Chinese patent CN201610853938.7, "A device, method and apparatus for encapsulating heterogeneous functional equivalents", proposes a mimic security defense technique that gains a favorable endogenous defensive position from initiative, variability and randomness. The mimic environment changes dynamically, which makes the system hard for an attacker to observe and predict and thereby greatly increases the difficulty and cost of attacks, including those that rely on unknown exploitable vulnerabilities and backdoors. The main principle is shown in FIG. 1. After receiving an external service request, the input agent sends it to one or more selected heterogeneous functional equivalents according to the agent strategy of the redundancy controller. Each heterogeneous functional equivalent that receives the service request processes it, outputs a service response to the output agent, and sends its mimic arbitration parameter to the redundancy controller. After receiving the service responses, the output agent selects the output of one of the heterogeneous functional equivalents, according to the output arbitration strategy of the redundancy controller, and sends it as the external service response.
Chinese patent CN201610853938.7 solves the security protection problem for network elements well, but network functions are becoming more complex and the types of security attack more numerous. In network edge computing, for example, network elements provide not only network transmission but also storage and computation; the data they store usually exceeds gigabytes or even terabytes, and the computation is complex. If the mimic arbitration function of Chinese patent CN201610853938.7 is still used, it is difficult to meet the actual requirements of the network in terms of timeliness and arbitration accuracy.
Disclosure of Invention
In view of this, the main objective of the present invention is to provide a mimic security system and method based on sampling detection that improve mimic arbitration efficiency in network edge computing scenarios such as large-scale data computation and increase the availability of the mimic security system.
To achieve this objective, the technical solution of the invention is as follows:
A mimic security system based on sampling detection comprises an input agent, a redundancy controller, at least two heterogeneous functional equivalents and an output agent. The input agent, after receiving an external service request, sends it to the selected one or more heterogeneous functional equivalents according to the agent strategy of the redundancy controller. The redundancy controller compares the parameters of the judgment results of the heterogeneous functional equivalents and notifies the output agent of the arbitration result. Each heterogeneous functional equivalent selects and synchronizes sampled data, performs feature judgment on the sampled data and sends its judgment result to the redundancy controller. The output agent sends the output of the corresponding equivalent as the external service response according to the arbitration result of the redundancy controller.
Further, the redundancy controller includes:
an arbitration parameter notification module: periodically sends an arbitration parameter request message to one of the heterogeneous functional equivalents;
an arbitration parameter comparison module: compares the judgment results sent by the heterogeneous functional equivalents pairwise for similarity, selects the heterogeneous functional equivalent with the maximum similarity as the equivalent whose response is output, and notifies the output agent of the arbitration result.
Further, each heterogeneous functional equivalent includes:
an arbitration parameter generation module: after receiving an arbitration parameter request message sent by the redundancy controller, the equivalent generates a piece of sampled data from the stored data; the size of the sampled data is determined according to the processing capacity of the arbitration parameter calculation module;
an arbitration parameter synchronization module: the equivalent that generated the sampled data sends it to the other equivalents, completing synchronization of the sampled data among all equivalents;
an arbitration parameter calculation module: each equivalent performs feature judgment on the sampled data and sends the judgment result to the redundancy controller.
A mimic security method based on sampling detection comprises the following steps:
(1) the redundancy controller periodically sends an arbitration parameter request to one of the heterogeneous functional equivalents;
(2) the equivalent that receives the arbitration parameter request message generates a piece of sampled data from the stored data and sends the generated sampled data to the other equivalents;
(3) each equivalent performs feature judgment on the sampled data and sends the judgment result to the redundancy controller;
(4) the redundancy controller compares the judgment results sent by the equivalents pairwise for similarity, selects the heterogeneous functional equivalent with the maximum similarity as the equivalent whose response is output, and notifies the output agent of the arbitration result.
In the invention, the mimic arbitration parameter of the heterogeneous functional equivalents is sampled data generated from the stored data, so the storage space and computing resources required for the arbitration parameter are greatly reduced while its timeliness and accuracy are preserved. This improves mimic arbitration efficiency in network edge computing scenarios such as large-scale data computation and increases the availability of the mimic security system.
Drawings
FIG. 1 is a schematic diagram of the mimic security defense principle of the background art;
FIG. 2 is a schematic diagram of an implementation module of the method of the present invention;
FIG. 3 is a schematic flow chart of the implementation of the method of the present invention;
FIG. 4 is a schematic diagram of an embodiment of the present invention.
Detailed Description
A mimic security system based on sampling detection comprises an input agent, a redundancy controller, at least two heterogeneous functional equivalents and an output agent. The input agent, after receiving an external service request, sends it to the selected one or more heterogeneous functional equivalents according to the agent strategy of the redundancy controller. The redundancy controller compares the parameters of the judgment results of the heterogeneous functional equivalents and notifies the output agent of the arbitration result. Each heterogeneous functional equivalent selects and synchronizes sampled data, performs feature judgment on the sampled data and sends its judgment result to the redundancy controller. The output agent sends the output of the corresponding equivalent as the external service response according to the arbitration result of the redundancy controller.
Further, as shown in FIG. 2, the redundancy controller includes:
an arbitration parameter notification module: periodically sends an arbitration parameter request message to one of the heterogeneous functional equivalents;
an arbitration parameter comparison module: compares the judgment results sent by the heterogeneous functional equivalents pairwise for similarity, selects the heterogeneous functional equivalent with the maximum similarity as the equivalent whose response is output, and notifies the output agent of the arbitration result.
Each heterogeneous functional equivalent includes:
an arbitration parameter generation module: after receiving an arbitration parameter request message sent by the redundancy controller, the equivalent generates a piece of sampled data from the stored data; the size of the sampled data is determined according to the processing capacity of the arbitration parameter calculation module;
an arbitration parameter synchronization module: the equivalent that generated the sampled data sends it to the other equivalents, completing synchronization of the sampled data among all equivalents;
an arbitration parameter calculation module: each equivalent performs feature judgment on the sampled data and sends the judgment result to the redundancy controller.
The technical solution is described in further detail with reference to the following example.
As shown in FIG. 4, the mimic system contains 3 heterogeneous functional equivalents that must perform storage and computation. For example, the stored data is a large collection of pictures, the computation is to find the pictures that contain a specific object among all the pictures, and the output result is the pictures judged "yes". Because the stored data is large, the computation is complex and the output data is also large, it is not possible to send all of the data and output results directly to the redundancy controller for arbitration.
Under the arbitration parameter message synchronization mechanism proposed by the invention, the process is as follows (FIG. 3):
(1) the redundancy controller periodically sends an arbitration parameter request to one of the heterogeneous functional equivalents;
(2) the equivalent that receives the arbitration parameter request message sent by the redundancy controller generates a piece of sampled data from the stored data and sends the generated sampled data to the other equivalents; the size of the sampled data is determined according to the actual arbitration processing capacity of the redundancy controller, and in this embodiment it is 5 pictures;
(3) each equivalent performs feature judgment on the sampled data and sends the judgment result to the redundancy controller;
(4) the redundancy controller compares the judgment results sent by the equivalents pairwise for similarity, selects the heterogeneous functional equivalent with the maximum similarity as the equivalent whose response is output (equivalent 1 in this embodiment), and notifies the output agent of the arbitration result.
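The four-step arbitration round above, as an added Python example that is not part of the patent. The similarity metric (fraction of matching per-picture verdicts), the scoring by summed pairwise similarity, the tie-break, and all names and data are assumptions, since the patent does not define them.

```python
import random
from itertools import combinations

SAMPLE_SIZE = 5  # the embodiment uses a sample of 5 pictures


class Equivalent:
    """A heterogeneous functional equivalent: shared stored data, own classifier."""

    def __init__(self, name, stored, classify):
        self.name, self.stored, self.classify = name, stored, classify
        self.sample = []

    def generate_sample(self, rng, size=SAMPLE_SIZE):
        # Step 2: draw a small sample of item keys from the stored data.
        self.sample = rng.sample(sorted(self.stored), size)
        return self.sample

    def receive_sample(self, sample):
        # Step 2 (synchronization): adopt the sample chosen by the requested equivalent.
        self.sample = list(sample)

    def judge_sample(self):
        # Step 3: feature judgment on the sampled items only.
        return tuple(self.classify(self.stored[k]) for k in self.sample)

    def full_output(self):
        # Service output: judgment over all stored data (too large to arbitrate on).
        return [k for k in sorted(self.stored) if self.classify(self.stored[k])]


def similarity(a, b):
    # Assumed metric: fraction of sampled items on which two verdict vectors agree.
    return sum(x == y for x, y in zip(a, b)) / len(a)


def arbitrate(verdicts):
    # Step 4: pairwise comparison; each equivalent is scored by its summed
    # similarity to the others (assumption). Ties go to the first one listed.
    scores = {name: 0.0 for name in verdicts}
    for a, b in combinations(verdicts, 2):
        s = similarity(verdicts[a], verdicts[b])
        scores[a] += s
        scores[b] += s
    return max(scores, key=scores.get), scores


def arbitration_round(equivalents, requested, rng):
    # Step 1 is the controller's timed request to `requested`.
    sample = requested.generate_sample(rng)
    for e in equivalents:
        if e is not requested:
            e.receive_sample(sample)
    verdicts = {e.name: e.judge_sample() for e in equivalents}
    return arbitrate(verdicts)


def build_demo():
    # Constructed data: 100 "pictures"; a picture contains the object when its
    # value is divisible by 3. Equivalent 3 is faulty and inverts every verdict.
    stored = {f"img{i:03d}": i for i in range(100)}
    good = lambda v: v % 3 == 0
    return [
        Equivalent("equivalent-1", stored, good),
        Equivalent("equivalent-2", stored, good),
        Equivalent("equivalent-3", stored, lambda v: v % 3 != 0),
    ]


if __name__ == "__main__":
    eqs = build_demo()
    winner, scores = arbitration_round(eqs, eqs[1], random.Random(7))
    print("scores:", scores)
    print("output agent forwards:", winner)
    chosen = next(e for e in eqs if e.name == winner)
    print("pictures in response:", len(chosen.full_output()))
```

Only the five sampled verdicts per equivalent reach the controller; the full result set is produced by the selected equivalent and forwarded by the output agent.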
In other embodiments, instead of the redundancy controller periodically sending the request to a heterogeneous functional equivalent as described above, a heterogeneous functional equivalent can periodically send the request to the redundancy controller, which likewise achieves the timed transmission of arbitration parameters between the redundancy controller and the heterogeneous functional equivalents.
The above description is only a preferred embodiment of the present invention and is not intended to limit the scope of the present invention.
In summary, the invention provides a mimic security system and method based on sampling detection in which the mimic arbitration parameter of the heterogeneous functional equivalents is sampled data generated from the stored data. The storage space and computing resources required for the arbitration parameter are therefore greatly reduced while its timeliness and accuracy are preserved, which improves mimic arbitration efficiency in network edge computing scenarios such as large-scale data computation and increases the availability of the mimic security system.

Claims (4)

1. A mimic security system based on sampling detection, characterized by comprising an input agent, a redundancy controller, at least two heterogeneous functional equivalents and an output agent; the input agent is used for sending an external service request, after receiving it, to the selected one or more heterogeneous functional equivalents according to the agent strategy of the redundancy controller; the redundancy controller is used for comparing the parameters of the judgment results of the heterogeneous functional equivalents and notifying the output agent of the arbitration result; each heterogeneous functional equivalent is used for selecting and synchronizing the stored data and the sampled data, performing feature judgment on the stored data and the sampled data, and sending the judgment result to the redundancy controller; the output agent is used for sending the output of the corresponding equivalent as the external service response according to the arbitration result of the redundancy controller, wherein the output is the result of the feature judgment on all the stored data.
2. The sampling-detection-based mimic security system of claim 1, wherein the redundancy controller comprises:
an arbitration parameter notification module: periodically sends an arbitration parameter request message to one of the heterogeneous functional equivalents;
an arbitration parameter comparison module: compares the judgment results sent by the heterogeneous functional equivalents pairwise for similarity, selects the heterogeneous functional equivalent with the maximum similarity as the equivalent whose response is output, and notifies the output agent of the arbitration result.
3. The sampling-detection-based mimic security system of claim 1, wherein each heterogeneous functional equivalent comprises:
an arbitration parameter generation module: after receiving an arbitration parameter request message sent by the redundancy controller, the equivalent generates a piece of sampled data from the stored data; the size of the sampled data is determined according to the processing capacity of the arbitration parameter calculation module;
an arbitration parameter synchronization module: the equivalent that generated the sampled data sends it to the other equivalents, completing synchronization of the sampled data among all equivalents;
an arbitration parameter calculation module: each equivalent performs feature judgment on the sampled data and sends the judgment result to the redundancy controller.
4. A mimic security method based on sampling detection, characterized by comprising the following steps:
(1) the redundancy controller periodically sends an arbitration parameter request to one of the heterogeneous functional equivalents;
(2) the equivalent that receives the arbitration parameter request message generates a piece of sampled data from the stored data and sends the generated sampled data to the other equivalents;
(3) each equivalent performs feature judgment on all the stored data and on the sampled data, sends the judgment result to the redundancy controller, and outputs the judgment result for all the stored data;
(4) the redundancy controller compares the judgment results sent by the equivalents pairwise for similarity, selects the heterogeneous functional equivalent with the maximum similarity as the equivalent whose response is output, and notifies the output agent of the arbitration result.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910768634.4A CN110535842B (en) 2019-08-20 2019-08-20 Mimic security system and method based on sampling detection

Publications (2)

Publication Number Publication Date
CN110535842A (en) 2019-12-03
CN110535842B (en) 2021-11-19

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101030203B1 (en) * 2003-06-05 2011-04-22 인터트러스트 테크놀로지즈 코포레이션 Interoperable systems and methods for peer-to-peer service orchestration
US9262545B2 (en) * 2007-01-22 2016-02-16 Syracuse University Distributed video content management and sharing system
CN104615576B (en) * 2015-03-02 2017-03-15 中国人民解放军国防科学技术大学 Combination grain consistency maintaining method towards CPU+GPU processors
CN106161419B (en) * 2015-06-01 2019-05-14 上海红神信息技术有限公司 A kind of isomery function equivalence body synchronizing device
CN105553689B (en) * 2015-12-03 2018-12-28 中国科学院信息工程研究所 Stream rule method for rapidly judging of equal value in a kind of openflow message
CN106534063B (en) * 2016-09-27 2019-11-12 上海红阵信息科技有限公司 A kind of device, method and apparatus encapsulating isomery function equivalence body
US11146578B2 (en) * 2016-12-16 2021-10-12 Patternex, Inc. Method and system for employing graph analysis for detecting malicious activity in time evolving networks
CN108536796B (en) * 2018-04-02 2021-10-01 北京大学 Heterogeneous ontology matching method and system based on graph
CN109067737B (en) * 2018-07-28 2020-12-15 中国人民解放军战略支援部队信息工程大学 Mimicry judgment device and method under output asynchronous order-preserving condition
CN109450900B (en) * 2018-11-09 2020-12-01 天津市滨海新区信息技术创新中心 Mimicry judgment method, device and system
